Behavioral Advertising and “Do Not Track”: Navigating the Privacy Minefield - A Report By OlenderFeldman LLP

Share Article

Do Not Track threatens to upend the existing business models of online publishers and advertisers, and overly intrusive tracking can alienate customers. OlenderFeldman LLP provides a status report on privacy law, FTC compliance and online behavioral advertising.

Companies should also ensure that their tracking and analytics are done in compliance with privacy laws and clearly communicated to their customers.

Union, NJ (PRWEB)February 29, 2012

The Internet is fraught with privacy-related dangers for companies. For example, Facebook’s IPO filing contains multiple references to the various privacy risks that may threaten its business model, and it seems like every day a new class action suit is filed against Facebook alleging surreptitious tracking or other breaches of privacy laws. Google has recently faced a resounding public backlash related to its new uniform privacy policy, to the extent that 36 state attorney generals are considering filing suit. New privacy legislation and regulatory activities have been proposed, with the Federal Trade Commission (FTC) taking an active role in enforcing compliance with the various privacy laws. The real game changer, however, might be the renewed popularity of “Do Not Track,” which threatens to upend the existing business models of online publishers and advertisers. “Do Not Track” is a proposal which would enable users to opt out of tracking by websites they do not visit, including analytics services, advertising networks and social platforms.

To understand the genesis of “Do Not Track” it is important to understand what online tracking is and how it works. If you visit any website supported by advertising (as well as many that are not), a number of tracking objects may be placed on your device. These online tracking technologies take many forms, including HTTP cookies, web beacons (clear GIFs), local shared objects or flash cookies, HTML5 cookies, browser history sniffers and browser fingerprinting. What they all have in common is that they use tracking technology to observe web users’ interests, including content consumed, ads clicked, and other search keywords and conversions to track online movements, and build an online behavior profiles that are used to determine which ads are selected when a particular webpage is accessed. Collectively, these are known as behavioral targeting or advertising. Tracking technologies are also used for other purposes in addition to behavioral targeting, including site analytics, advertising metrics and reporting, and capping the frequency with which individual ads are displayed to users.

If behavioral advertising provides benefits such as increased relevance and usefulness to both advertisers and consumers, how has it become so controversial? Traditionally, advertisers have avoided collecting personally identifiable information (PII), preferring anonymous tracking data. However, new analytic tools and algorithms make it possible to combine “anonymous” information to create detailed profiles that can be associated with a particular computer or person. Formerly anonymous information can be re-identified, and companies are taking advantage in order to deliver increasingly targeted ads. Some of those practices have led to renewed privacy concerns. For example, recently Target was able to identify that a teenager was pregnant – before her father had any idea. It seems that Target has identified certain patterns in expecting mothers and assigns shoppers a “pregnancy prediction score.” Apparently, the father was livid when his high-school age daughter was repeatedly targeted with various maternity items, only to later find out that, well, Target knew more about his daughter than he did (at least in that regard). Needless to say, some PII is more sensitive than others, but it is almost always alarming when you don’t know what others know about you.

Ultimately, most users find it a little creepy when they find out that Facebook tracks your web browsing activity through their “Like” button, or that detailed profiles of their browsing history exist that could be associated with them. According to a recent Gallup poll, 61% of individuals polled felt the privacy intrusion presented by tracking was not worth the free access to content. 67% said that advertisers should not be able to match ads to specific interests based upon websites visited.

The wild west of internet tracking may soon be coming to a close. The FTC has issued its recommendations for Do Not Track, which they recommend be instituted as a browser based mechanism through which consumers could make persistent choices to signal whether or not they want to be tracked or receive targeted advertising. However, you shouldn’t wait for an FTC compliance notice to start rethinking your privacy practices.

It goes without saying that companies are required to follow the existing privacy laws. However, it is important to not only speak with a privacy lawyer to ensure compliance with existing privacy laws and regulations (the FTC compliance division also monitors whether companies comply with posted privacy policies and terms of service) but also to ensure that your tracking and analytics are done in an non-creepy, non-intrusive manner that is clearly communicated to your customers and enables them to opt-in, and gives them an opportunity to opt out at their discretion. Your respect for your consumers’ privacy concerns will reap long-term benefits beyond anything that surreptitious tracking could ever accomplish.

To discuss privacy laws and regulations, FTC compliance, or ecommerce law for your business, please feel free to contact Aaron Messing, Esq., CIPP. We work with diverse clients ranging from startups to multinationals, and can tailor solutions to fit your business needs.